Understanding Phishing Scams…first hand!

This is my PSA (Public Service Announcement) for the week and it is about something pretty scary…Phishing Scams. Several years ago, I was a victim of identity theft. It was not a pleasant experience but it left me wiser and more cautious. It was done the old-fashioned way of swiping some receipts and looking up some account information (local retailer). Nowadays, identity thieves have become much better in their “art.” I have firsthand experience now…but I wasn’t a victim.

So, here is what happened, I received the following email:

Bank of America Phishing email

It looked much more legit than others that I have seen. There were no huge grammatical errors or spelling errors (although the writing was pretty bad). So, I figured that I would check to see if Bank of America had shut down the site yet. To my surprise, they hadn’t! Thus, it became my mission to document this as a warning for others.

So, using Safari (because I have no faith in using Internet Explorer for things like this because of ActiveX installers and such), I went to the site and documented it. It looks identical to the current Bank of America site, and all of the links (with the exception of the login section in the upper left) were valid. Here is what it looked like:

Bank of America Phishing screen #1

Take a look at the URL and the domain [http://debitcc.bankofamerica.uo-s.com/secure/].
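The URL above carries the bank's name only as a subdomain label of uo-s.com. The following Python check, added here and not part of the original post, extracts the registrable domain from a URL and flags a brand name that appears anywhere outside the brand's own domain. The `BRANDS` allowlist and the short suffix set are assumptions standing in for a real brand list and the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: the brand's genuine registrable domain(s); extend per brand you protect.
BRANDS = {"bankofamerica": {"bankofamerica.com"}}
# Assumption: tiny stand-in for the Public Suffix List; use the full list in practice.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    """Return the part of the hostname a registrant actually controls."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_url(url: str) -> dict:
    """Flag a brand name shown in the host or path of a site the brand does not own."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    reg = registrable_domain(host)
    haystack = host + parts.path.lower()
    findings = []
    for brand, legit in BRANDS.items():
        # Everything left of the registrable domain, and the path, is chosen
        # freely by whoever controls the site, so a brand name there proves nothing.
        if brand in haystack and reg not in legit:
            findings.append(f"'{brand}' appears in the URL but the site belongs to {reg}")
    return {"host": host, "registrable_domain": reg, "findings": findings}


if __name__ == "__main__":
    samples = [
        "http://debitcc.bankofamerica.uo-s.com/secure/",  # URL from the post
        "https://www.bankofamerica.com/login",            # constructed: genuine domain
        "http://example.test/bankofamerica/login",        # constructed: brand in path
    ]
    for s in samples:
        result = check_url(s)
        verdict = "SUSPICIOUS" if result["findings"] else "ok"
        print(f"{verdict:10} {result['registrable_domain']:20} {s}")
```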

Note: 6/15/09 – I have been contacted by the owner of the domain who has asked that I remove his contact information. Since this post was written almost 3 years ago, things have changed so I am removing the personal details from the WHOIS lookup. Also, the domain expired a couple of years ago. My apologies for any inconvenience that this may have caused. It is, however, important to thoroughly investigate the hosting provider and domain registrar that you eventually choose. It sounds like the original owner was taken advantage of and his name potentially blemished through the acts of a 3rd party. Do note that it was not my intent to blame people; my goal with this site has always been to educate. So, from a point of education, 1) research those hosters/registrars and 2) be careful when accessing financial institution sites when clicking through emails.

Doing a WHOIS on that domain gets me this:

Registrant:
XXX XXXX
XXXXXXXX
XXXXX, XXXXXXXX
Latvia

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: UO-S.COM
Created on: 22-May-06
Expires on: 22-May-07
Last Updated on: 16-Jun-06

Administrative Contact:
XXXXXX, XXXX  xxxxxx.xxxxxx@xxxxx.com
XXX XXXX
XXXXXXXX
XXXXX, XXXXXXXX
Latvia
#########

Technical Contact:
XXXXXX, XXXX  xxxxxx.xxxxxx@xxxxx.com
XXX XXXX
XXXXXXXX
XXXXX, XXXXXXXX
Latvia
#########

Domain servers in listed order:
DNS2.CHARGERTEK.COM
DNS3.CHARGERTEK.COM

Hmmm. I don’t think that Bank of America is located in LATVIA! So, I went on to put in some fake information in the login screen and got to the screen that captures ALL the critical “identity theft” information. Take a look at this screenshot:

Bank of America Phishing screen #2

Clicking submit sends all of your confidential information off to the scammer! See success screenshot below:

Bank of America Phishing screen #3

So, I just figured that I would post this so that you know to be sure to never click through links sent in emails but rather go directly through your web browser. Be careful!!! I have reported this to Bank of America…so the site will hopefully be taken down soon.

7 Responses

  1. Listen, I would like to know what IP was there at the moment. As I am the domain owner I didn’t know who was using it as at that time I was moving in UK. Any information would be needed as the Domain provider deleted my domain as well.

    Thanks.

  2. Not sure if the user above is truly the “Marcis” who appeared in the WHOIS…and I’m not too sure I understand the nature of the post. I don’t know what the IP was when that site was up. If I encounter one again, that is probably a good thing to grab. If your site was hijacked by someone for this phishing scam, I’m sorry to hear that.

  3. There is another link under the category of personal finance but it has nothing to do with finance. If you have difficulties in making payment, you can click the link named wachoviabank.com. You will have an expert helping you to fix your problems and you don’t have to go out of your home to get the service. What you need to do is to choose a button between the two “call us today” and “we’ll call you”. Don’t you think this service shows the attentiveness and consideration of the Wachovia? It’s really good in my opinion.

About HighTechDad

Michael Sheehan (“HighTechDad”) is an avid technologist, writer, journalist, content marketer, blogger, tech influencer, social media pundit, loving husband and father of 3 beautiful girls living in the San Francisco Bay Area. This site covers technology, consumer electronics, Parent Tech, SmartHomes, cloud computing, gadgets, software, hardware, parenting “hacks,” and other tips & tricks.
